在我自己的代码(C++)中,我使用了下面的代码,它接受一个 EVP_PKEY 对象并返回一个 RSA 对象:
using evp_pkey_ptr = std::unique_ptr<EVP_PKEY>;
using rsa_ptr = std::unique_ptr<RSA>;
rsa_ptr evp_get_rsa(const evp_pkey_ptr& evp) {
RSA * rsa = EVP_PKEY_get1_RSA(evp.get());
return rsa_ptr(rsa);
}
关于您验证 JWT 的目的。
我是这样做的:
// get jwt payload from jwt data
std::string payload_b64 = jwt[0] + "." + jwt[1];
// get jwt signature from jwt data
std::string signature_b64 = from_base64uri(jwt[2].c_str(), jwt[2].size());
// obtain RSA object from EVP
RSA * rsa = EVP_PKEY_get1_RSA(evp)
// create a digest of the jwt payload, using SHA256
digest = SHA256_Init, SHA256_Update, SHA256_Final, etc
// get byte representation of the jwt signature
sig_bytes = from_base64(payload_b64);
// call OpenSSL API to verify digest matches received signature
ERR_clear_error();
int rc = RSA_verify(NID_sha256,
(const unsigned char*) digest.data(), digest.size(),
(const unsigned char*) sig_bytes.data(), sig_bytes.size(),
rsa);
if (1 != rc)
printf("RSA_verify");